Top of Page
 

CAP Domain Change FAQ

Q:

Why are changes being made to the CAP exam?

 
A:

(ISC)² has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing information security practitioner.

Q:

How is the CAP exam changing?

 
A:

The content of the CAP has been refreshed to reflect the most pertinent issues that authorization security professionals currently face, along with the best practices for mitigating those issues. Some topics have been updated while others have been realigned. The result is an exam that most accurately reflects the technical and practical security risk management knowledge required by practitioners in pursuit of information system authorization to support an organization's mission and operations in accordance with legal and regulatory requirements.

As a result of the content refresh, we have updated the domain names to describe the topics accurately. The CAP Exam Outline effective August 15, 2021 can be found here.

Current Domains

Weight

Domains as of August 15, 2021

Weight

Domain 1:

Information Security Risk Management Program

15%

Information Security Risk Management Program

16%

Domain 2:

Categorization of Information Systems

13%

Scope of the Information System

11%

Domain 3:

Selection of Security Controls

13%

Selection and Approval of Security and Privacy Controls

15%

Domain 4:

Implementation of Security Controls

15%

Implemenation of Security and Privacy Controls

16%

Domain 5:

Assessment of Security Controls

14%

Assessment/Audit of Security and Privacy Controls

16%

Domain 6:

Authorization of Information Systems

14%

Authorization/Approval of Information System

10%

Domain 7:

Continuous Monitoring

16%

Continuous Monitoring

16%

100%

100%

 

Q:

Why do domains for (ISC)² credential exams change?

 
A:

Domains change because it is a reflection of a change in the knowledge, skills and abilities, as indicated by experts through the Job Task Analysis process.

Q:

When will these changes go into effect?

 
A:

The examination will update on August 15, 2021.

Q:

In what language will the refreshed CAP exam be available?

 
A:

The refreshed CAP exam will be available in English only.

Q:

Will this change the number of questions or the time required to take the CAP exam?

 
A:

No. The CAP exam will have the same number of items, and the time required to take the exam will be the same.

Q:

If I have been studying for the CAP exam with material that focuses on the current domains, will I be sufficiently prepared to take the new exam without additional study?

 
A:

(ISC)² exams are experience-based that include experience-based questions that cannot be learned by studying alone. If you already have the experience in the domains covered in CAP and believe that you have sufficiently studied those domains, you should feel confident that you are qualified to take the new exam and pass it.

Q:

Do these updates affect the experience requirement for the CAP?

 
A:

No. For the CAP, a candidate is required to have a minimum of two years cumulative work experience in one or more of the seven domains of the CAP CBK.

Q:

What impact do these changes have on (ISC)² training materials?

 
A:

The Official (ISC)² CAP Training Course will be available on August 15, 2021.

Ok